Overview

overview

10

Static

static

Payment Ad...86.exe

windows7_x64

10

Payment Ad...86.exe

windows10_x64

10

Sharing

Copy URL
Twitter E-mail

General

  • Target

    Payment Advice GLV225445686.r00

  • Size

    675KB

  • Sample

    210225-n4vhgjkzme

  • MD5

    9511fbf0e7e9012c4e00b1fe68c106f0

  • SHA1

    1b669963c29f5d6d764b804e73088f2635ae09d9

  • SHA256

    41c8f6068a2af552f4ab9edd254217b79983f3416205d8bc6e3397c8ffcd043d

  • SHA512

    49281a4df537388f07156ea0e959f0ac857fb877078f381eec9bab62037406b031c4e6804d2be751bd14e8537adcd98dcb23b211504620a74aee15f4263d2d1b

Score
10/10
hawkeyekeyloggerspywarestealertrojan

Malware Config

Targets

    • Target

      Payment Advice GLV225445686.exe

    • Size

      708KB

    • MD5

      757844785304a9b94d0f994b24a2f177

    • SHA1

      4d01dcfa4292530139fc7d9264466bafd63ab8ed

    • SHA256

      9c3da492d0b98fec833d5217e46cee71fd67cf4d0bae48267cc4007095f096d2

    • SHA512

      5d0c21c7648c2b618eb079bb2cf699f89a36deab5e360b9db3244b1213b1da967b248708999bc89c7d039c9afdb5b3c4756f34d3e6203d8ef3b1ca89cd5a8176

    Score
    10/10
    hawkeyekeyloggerspywarestealertrojan

    • HawkEye

      HawkEye is a malware kit that has seen continuous development since at least 2013.

      keyloggertrojanstealerspywarehawkeye

    • Beds Protector Packer

      Detects Beds Protector packer used to load .NET malware.

    • NirSoft MailPassView

      Password recovery tool for various email clients

    • NirSoft WebBrowserPassView

      Password recovery tool for various web browsers

    • Nirsoft

    • Uses the VBS compiler for execution

    • Looks up external IP address via web service

      Uses a legitimate IP lookup service to find the infected system's external IP.

    • Suspicious use of SetThreadContext

    behavioral1behavioral2

MITRE ATT&CK Enterprise v6

Tasks